Examples with FSAuthnResponse com.sun.identity.federation.message.FSAuthnResponse used on opensource projects

Search in sources :

Example 1 with FSAuthnResponse

use of com.sun.identity.federation.message.FSAuthnResponse in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method createAuthnResponse.

protected FSAuthnResponse createAuthnResponse(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle) {
    FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse:  Called");
    FSAuthnResponse authnResponse = null;
    try {
        String requestID = authnRequest.getRequestID();
        FSAssertionManager am = FSAssertionManager.getInstance(metaAlias);
        FSAssertion assertion = null;
        SessionProvider sessionProvider = SessionManager.getProvider();
        assertion = am.createFSAssertion(sessionProvider.getSessionID(ssoToken), null, realm, spEntityId, userHandle, idpHandle, inResponseTo, authnRequest.getMinorVersion());
        StatusCode statusCode = new StatusCode(IFSConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        authnResponse = new FSAuthnResponse(null, requestID, status, contents, relayState);
        authnResponse.setMinorVersion(authnRequest.getMinorVersion());
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: " + "CHECK1: " + hostedEntityId);
        }
        authnResponse.setProviderId(hostedEntityId);
    } catch (FSException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: ", se);
        return null;
    } catch (SAMLException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SAMLException: ", se);
        return null;
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SessionException: ", se);
        return null;
    }
    // sign AuthnResponse
    return authnResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) ArrayList(java.util.ArrayList) FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) ArrayList(java.util.ArrayList) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 2 with FSAuthnResponse

use of com.sun.identity.federation.message.FSAuthnResponse in project OpenAM by OpenRock.

the class FSSSOLECPProfileHandler method doSingleSignOn.

protected boolean doSingleSignOn(Object ssoToken, String inResponseTo, NameIdentifier opaqueHandle, NameIdentifier idpOpaqueHandle) {
    FSAuthnResponse authnResponse = createAuthnResponse(ssoToken, inResponseTo, opaqueHandle, idpOpaqueHandle);
    sendAuthnResponse(authnResponse);
    return true;
}
Also used : FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse)

Example 3 with FSAuthnResponse

use of com.sun.identity.federation.message.FSAuthnResponse in project OpenAM by OpenRock.

the class FSSSOWMLPostProfileHandler method doSingleSignOn.

protected boolean doSingleSignOn(Object ssoToken, String inResponseTo, NameIdentifier opaqueHandle, NameIdentifier idpOpaqueHandle) {
    FSAuthnResponse authnResponse = createAuthnResponse(ssoToken, inResponseTo, opaqueHandle, idpOpaqueHandle);
    sendAuthnResponse(authnResponse);
    return true;
}
Also used : FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse)

Example 4 with FSAuthnResponse

use of com.sun.identity.federation.message.FSAuthnResponse in project OpenAM by OpenRock.

the class FSAssertionConsumerService method doPost.

/**
     * Handles post profile.
     * @param request <code>HttpServletRequest</code> object
     * @param response <code>HttpServletResponse</code> object
     * @exception ServletException, IOException if error occurs.
     */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
    Document doc = null;
    if ((request == null) || (response == null)) {
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    String baseURL = FSServiceUtils.getBaseURL(request);
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
    String hostEntityId = null;
    SPDescriptorType hostDesc = null;
    BaseConfigType hostConfig = null;
    try {
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    // obtain AuthnResponse message
    String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
    }
    if (encodedAuthnResponse == null) {
        String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
    }
    FSAuthnResponse authnResponse = null;
    try {
        String decodedAuthnResponse = new String(Base64.decode(encodedAuthnResponse));
        FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
        doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
        if (doc == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
            }
            throw new FSMsgException("parseError", null);
        }
        authnResponse = new FSAuthnResponse(doc.getDocumentElement());
        if (authnResponse == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. " + "Can't parse Base64 encoded AuthnResponse");
            String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
        String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    } catch (SAMLException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
        String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
        }
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
        String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    FSAuthnRequest authnRequest = null;
    String requestID = authnResponse.getInResponseTo();
    if (requestID == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse " + "received does not have inResponseTo attribute");
        String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
    }
    authnRequest = getInResponseToRequest(requestID, metaAlias);
    if (authnRequest == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse" + " received does not have an associated AuthnRequest");
        String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
    }
    try {
        String idpEntityId = null;
        IDPDescriptorType idpDescriptor = null;
        if (!authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
            idpEntityId = getProvider(authnResponse.getInResponseTo(), metaAlias);
            idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
            if (idpEntityId == null || idpDescriptor == null) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. Sender information " + "not found for the received AuthnResponse");
                String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
                FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
            if ((FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST))) && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature " + "verification failed");
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
            }
            idpEntityId = authnResponse.getProviderId();
            idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
        }
        // handle sso
        FSServiceManager sm = FSServiceManager.getInstance();
        FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
        if (handler == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "could not create AssertionArtifactHandler");
            String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data);
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }
        handler.setHostEntityId(hostEntityId);
        handler.setHostDescriptor(hostDesc);
        handler.setHostDescriptorConfig(hostConfig);
        handler.setMetaAlias(metaAlias);
        handler.setRealm(realm);
        handler.processAuthnResponse(authnResponse);
        return;
    } catch (Exception se) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedLoginPageURL);
        return;
    }
}
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest) Document(org.w3c.dom.Document) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) FSServiceManager(com.sun.identity.federation.services.FSServiceManager) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSException(com.sun.identity.federation.common.FSException)

Example 5 with FSAuthnResponse

use of com.sun.identity.federation.message.FSAuthnResponse in project OpenAM by OpenRock.

the class CDCServlet method redirectWithAuthNResponse.

/**
     * Constructs the Liberty AuthNResponse with Restricted SSOToken
     * and redirects the user to the requested resouce
     */
private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
    String gotoURL = getRedirectURL(request, response);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
    }
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: After encoding: gotoURL = " + gotoURL);
    }
    if (gotoURL != null) {
        try {
            String inResponseTo = request.getParameter(REQUEST_ID);
            String spDescriptor = request.getParameter(PROVIDER_ID);
            String resTokenID = null;
            /**
                 * validateAndGetRestriction throws an exception if an agent
                 * profile with provider id and goto url is not present
                 */
            TokenRestriction tokenRes = spValidator.validateAndGetRestriction(FSAuthnRequest.parseURLEncodedRequest(request), gotoURL);
            if (uniqueCookieEnabled) {
                resTokenID = sessionService.getRestrictedTokenId(token.getTokenID().toString(), tokenRes);
            } else {
                resTokenID = token.getTokenID().toString();
            }
            FSAssertion assertion = createAssertion(spDescriptor, SELF_PROVIDER_ID, resTokenID, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), inResponseTo);
            String relayState = request.getParameter(RELAY_STATE);
            Status status = new Status(new StatusCode(IFSConstants.STATUS_CODE_SUCCESS));
            FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, responseID, inResponseTo, status, assertion, relayState);
            sendAuthnResponse(request, response, authnResponse, gotoURL);
        } catch (SAMLException se) {
            debug.error("CDCServlet.doGetPost", se);
            showError(response);
        } catch (FSMsgException fe) {
            debug.error("CDCServlet.doGetPost", fe);
            showError(response);
        } catch (FSException fse) {
            debug.error("CDCServlet.doGetPost", fse);
            showError(response);
        } catch (SessionException e) {
            debug.error("CDCServlet.doGetPost", e);
        } catch (SSOException ssoe) {
            debug.error("CDCServlet.doGetPost", ssoe);
        } catch (Exception e) {
            debug.error("CDCServlet.doGetPost", e);
            spValidator = new LdapSPValidator();
            showError(response, FORBIDDEN_STR_MATCH);
        }
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) TokenRestriction(com.iplanet.dpro.session.TokenRestriction) SessionException(com.iplanet.dpro.session.SessionException) SSOException(com.iplanet.sso.SSOException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) ParseException(java.text.ParseException) SSOException(com.iplanet.sso.SSOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) SessionException(com.iplanet.dpro.session.SessionException) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSAssertion(com.sun.identity.federation.message.FSAssertion) FSException(com.sun.identity.federation.common.FSException)

Aggregations

FSAuthnResponse (com.sun.identity.federation.message.FSAuthnResponse)8 FSException (com.sun.identity.federation.common.FSException)5 SAMLException (com.sun.identity.saml.common.SAMLException)4 Status (com.sun.identity.saml.protocol.Status)3 StatusCode (com.sun.identity.saml.protocol.StatusCode)3 IOException (java.io.IOException)3 FSAssertion (com.sun.identity.federation.message.FSAssertion)2 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)2 SessionException (com.sun.identity.plugin.session.SessionException)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 ServletException (javax.servlet.ServletException)2 SessionException (com.iplanet.dpro.session.SessionException)1 TokenRestriction (com.iplanet.dpro.session.TokenRestriction)1 SSOException (com.iplanet.sso.SSOException)1 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)1 FSRedirectException (com.sun.identity.federation.common.FSRedirectException)1 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)1 FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)1 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial